[24422] in bugtraq


Re: Open Bulletin Board javascript bug.

daemon@ATHENA.MIT.EDU (godminus)
Tue Feb 26 18:27:02 2002

Date: Tue, 26 Feb 2002 20:24:29 +0200
From: godminus <godminus@owns.com>
To: bugtraq@securityfocus.org
Message-id: <001301c1bef2$d7761e10$0b00000a@god>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT

>   OpenBB is a free PHP-based forum.
>
>   Exploit:
>   [img]javasCript:alert('Hello world.')[/img]
>
>   Vulnerable systems:
>   All versions of Open Bulletin Board including 
>   v.1.0.0 
>
>  Immune systems:
>   None
>
>   Solution:
>   All URLs in [img] tags should start
>   with "http://"
>
>                                    Yurij Rumiantsev  

Ikonboard version 3.0.1 is vulnerable to the same bug.

 -- godminus
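
One way to apply the fix quoted above (accept an [img] URL only if it starts with "http://"), as an added example that is not part of the original message and is not OpenBB or Ikonboard code. It assumes https is acceptable as well; the function names and the example.com URLs are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: only these schemes are acceptable for forum images.
ALLOWED_SCHEMES = {"http", "https"}

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
# Characters refused outright in a URL that will sit inside an HTML attribute.
# Checked on the raw string because urlsplit() may silently drop some of them.
UNSAFE_CHARS = re.compile(r"[\x00-\x20\x7f\"'<>`\\]")


def is_safe_image_url(url):
    """Allowlist check: absolute http(s) URL with a host and no unsafe characters."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # urlsplit() lowercases the scheme, so "javasCript" and "HTTP" are
    # normalised before the comparison; relative URLs have an empty scheme.
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return False
    return UNSAFE_CHARS.search(url) is None


def render_img_tags(post):
    """Render [img] tags in a post; everything else is HTML-escaped."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        url = m.group(1).strip()
        if is_safe_image_url(url):
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        else:
            # Rejected URL: show the tag as inert, escaped text.
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # The string from the quoted advisory, then a constructed benign post.
    print(render_img_tags("[img]javasCript:alert('Hello world.')[/img]"))
    print(render_img_tags("[IMG]http://example.com/a.png?x=1&y=2[/IMG]"))
```
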
